Frameworks, Life Cycles, and Architecture

Organizations require people with the skills to make decisions to secure information systems based on best practices, standards, and industry recommendations. Security architects fill this need. In this course, you'll learn about common IT life cycles and life cycle management, including the system development and security life cycles. You'll explore the importance of frameworks, including enterprise architecture frameworks. You'll then examine various stakeholders and the roles they play in architecture development. Next, you'll learn about the need for and types of security policies. Finally, you'll explore aspects of secure network architecture design, including network segmentation and components, applying industry best practices, and team member roles and responsibilities.

12 videos | 43m Assessment Badge

Secure Application and Data Architecture Design

Security architects design and implement secure architectures and translate business processes and risk into policy and implementation rules. In this course, you'll explore designing secure application and data architectures. First, you'll examine the history of development, the role of the application architect, and application architecture goals. Next, you'll learn about disciplines related to application architecture, as well as Service-oriented Architecture and its standards. You'll move on to learn about modular framework development, authentication, patching, and vulnerability testing. Next, you'll examine data architecture, data classification, data privacy, and database security. Finally, you'll learn about encryption and big data, as well as data architecture analysis and influences.

20 videos | 55m Assessment Badge

Access Control and Security Architecture Design

In this course, you'll learn about designing a secure access control architecture and updating a security architecture. First, you'll explore identity and access management, including the IAAA process and related entities. You'll move on to examine access control policies and models. You'll learn about centralized access control, as well as distributed access control, federated identity management frameworks, and supporting protocols. You'll explore the importance of access reviews, as well as access control considerations with bring your own device and Internet of Things. Next, you'll examine the impact of change on a security architecture and steps involved in life cycle management. Finally, you'll complete this course by learning about architecture change considerations and the importance of a change management policy.

13 videos | 46m Assessment Badge

Security Architecture Documentation and Alternative Architectures

In this course, you'll learn about documentation requirements for a security architecture and alternate architectures. First, you'll explore the types of documentation required to guide an architecture. You'll examine input documentation, including business requirements and objectives, standards and best practices, and laws and regulations. Next, you'll learn about architecture documentation, including how and what to document. You'll examine output documentation as well, including policies, procedures, and guidelines. You'll learn about the Security Requirements Traceability Matrix, including required fields. Finally, you'll learn about virtualization and how to evaluate cloud and hybrid cloud solutions, focusing on factors like shared responsibility, encryption, and key management.

12 videos | 38m Assessment Badge

FREE ACCESS

Frameworks, Life Cycles, and Architecture

Organizations require people with the skills to make decisions to secure information systems based on best practices, standards, and industry recommendations. Security architects fill this need. In this course, you'll learn about common IT life cycles and life cycle management, including the system development and security life cycles. You'll explore the importance of frameworks, including enterprise architecture frameworks. You'll then examine various stakeholders and the roles they play in architecture development. Next, you'll learn about the need for and types of security policies. Finally, you'll explore aspects of secure network architecture design, including network segmentation and components, applying industry best practices, and team member roles and responsibilities.

12 videos | 43m Assessment Badge

Secure Application and Data Architecture Design

Security architects design and implement secure architectures and translate business processes and risk into policy and implementation rules. In this course, you'll explore designing secure application and data architectures. First, you'll examine the history of development, the role of the application architect, and application architecture goals. Next, you'll learn about disciplines related to application architecture, as well as Service-oriented Architecture and its standards. You'll move on to learn about modular framework development, authentication, patching, and vulnerability testing. Next, you'll examine data architecture, data classification, data privacy, and database security. Finally, you'll learn about encryption and big data, as well as data architecture analysis and influences.

20 videos | 55m Assessment Badge

Access Control and Security Architecture Design

In this course, you'll learn about designing a secure access control architecture and updating a security architecture. First, you'll explore identity and access management, including the IAAA process and related entities. You'll move on to examine access control policies and models. You'll learn about centralized access control, as well as distributed access control, federated identity management frameworks, and supporting protocols. You'll explore the importance of access reviews, as well as access control considerations with bring your own device and Internet of Things. Next, you'll examine the impact of change on a security architecture and steps involved in life cycle management. Finally, you'll complete this course by learning about architecture change considerations and the importance of a change management policy.

13 videos | 46m Assessment Badge

Security Architecture Documentation and Alternative Architectures

In this course, you'll learn about documentation requirements for a security architecture and alternate architectures. First, you'll explore the types of documentation required to guide an architecture. You'll examine input documentation, including business requirements and objectives, standards and best practices, and laws and regulations. Next, you'll learn about architecture documentation, including how and what to document. You'll examine output documentation as well, including policies, procedures, and guidelines. You'll learn about the Security Requirements Traceability Matrix, including required fields. Finally, you'll learn about virtualization and how to evaluate cloud and hybrid cloud solutions, focusing on factors like shared responsibility, encryption, and key management.

12 videos | 38m Assessment Badge

Cybersecurity and Networking Fundamentals

The goal of cybersecurity is to protect systems, networks, data, and programs from digital attacks. As cyber-attacks continue to increase in frequency and sophistication, it is imperative that cybersecurity professionals learn how to quickly identify and mitigate vulnerabilities. In this course, you will learn common security terminology including threats, vulnerabilities, attacks, exploits, controls, and countermeasures. Discover the fundamentals of the confidentiality, integrity, and availability (CIA) triad, and explore the five elements of the AAA framework; identification, authentication, authorization, auditing, and accountability. You'll then explore risk considerations and management strategies, and discover how risks can be mitigated, accepted, transferred, and rejected. Lastly, explore core networking components and discover how information flow models are used to prevent unauthorized information flow in any direction. This course was originally created by Global Knowledge (GK).

13 videos | 42m Assessment Badge

Getting Started with Security Architecture

Security architecture can be defined as the specifications, processes, and standard operating procedures (SOPs) required to protect an organization's IT infrastructure. In order to improve network security and mitigate risks, a series of network devices can be used to control access to networks and resources. In this course, explore how security architectures can be used to enforce security at the network layer. Explore basic switching and routing devices, and discover core functions of a network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). Explore the characteristics and categories of firewall devices, and learn about networks, intranets, and demilitarized zones. Discover the benefits of network segmentation and learn how to segment networks. Lastly, discover how Network Address Translation (NAT) is used to map addresses, and explore how Network Access Control (NAC) can be used to verify compliance using security policies. This course was originally created by Global Knowledge (GK).

19 videos | 1h 11m Assessment Badge

FREE ACCESS

Governance, Risk Management, and Compliance

In this course, you'll explore governance, risk management, and compliance - commonly known as GRC. You'll examine why it matters, what it is, and its increasing importance. You'll learn about who needs it and the role it plays for various parties. Next, you'll examine industry compliance, external authorities, non-compliance consequences, and reporting. You'll also learn about industry standards like PCI, laws and regulations, and compliance and company policy. Finally, you'll complete this course by learning about privacy compliance, including private data, how data architectures address privacy information, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health act, the Gramm-Leach-Bliley Act, the General Data Protection Regulation, and privacy best practices.

13 videos | 1h 16m Assessment Badge

Risk Assessment and Management

Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.

8 videos | 43m Assessment Badge

Governance and Corporate Culture

Corporate culture relates to the enterprise-wide attitudes towards security and risk. In this course, you'll learn about governance and corporate culture. First, you'll explore corporate security culture and associated concerns, before moving on to look at the concept of fear, uncertainty, and doubt and why it should be avoided. Next, you'll examine why enterprise-wide support is required, the differences between top-down and bottom-up, and various security roles. You'll learn about the importance of having an acceptable use policy, consequences of not having an appropriate policy in place, and having consequences for individuals who violate this policy. Finally, you'll examine methods of improving corporate culture and governance, like training, rewards and consequences, and hiring practices, and also learn about the importance of ongoing assessments.

5 videos | 21m Assessment Badge

FREE ACCESS

Governance, Risk Management, and Compliance

In this course, you'll explore governance, risk management, and compliance - commonly known as GRC. You'll examine why it matters, what it is, and its increasing importance. You'll learn about who needs it and the role it plays for various parties. Next, you'll examine industry compliance, external authorities, non-compliance consequences, and reporting. You'll also learn about industry standards like PCI, laws and regulations, and compliance and company policy. Finally, you'll complete this course by learning about privacy compliance, including private data, how data architectures address privacy information, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health act, the Gramm-Leach-Bliley Act, the General Data Protection Regulation, and privacy best practices.

13 videos | 1h 16m Assessment Badge

Risk Assessment and Management

Risk assessment allows you to identify and prioritize risk, while risk management allows you to analyze, mitigate, or accept risk. In this course, you'll explore risk assessment and management. You'll begin by examining the role Business Impact Analysis plays in risk management and what it accomplishes, before moving on to learn about various risk assessment and analysis approaches. Next, you'll explore the importance of risk mitigation and having a strategy for it, as well as how risk mitigation strategies fit into the risk management effort. You'll learn about the NIST SP 800-37 risk management framework and the steps involved, as well as the Risk Maturity Model and the associated five levels of risk management competency. Finally, you'll explore ongoing risk management, including what causes risk responses and acceptance to change, and the importance of patch management.

8 videos | 43m Assessment Badge

Governance and Corporate Culture

Corporate culture relates to the enterprise-wide attitudes towards security and risk. In this course, you'll learn about governance and corporate culture. First, you'll explore corporate security culture and associated concerns, before moving on to look at the concept of fear, uncertainty, and doubt and why it should be avoided. Next, you'll examine why enterprise-wide support is required, the differences between top-down and bottom-up, and various security roles. You'll learn about the importance of having an acceptable use policy, consequences of not having an appropriate policy in place, and having consequences for individuals who violate this policy. Finally, you'll examine methods of improving corporate culture and governance, like training, rewards and consequences, and hiring practices, and also learn about the importance of ongoing assessments.

5 videos | 21m Assessment Badge

Security Program Regulatory Integration

In this 12-video course, learners will discover the importance of integrating regulations with organizational security policies. Explore security standards such as General Data Protection Regulation (GDPR); Health Insurance Portability and Accountability (HIPAA); and Federal Information Security Management Act (FISMA), as well as the International Organization for Standardization (ISO), and National Institute of Standard and Technology (NIST). To begin, determine how to establish the importance of building regulatory compliance into a company's IT security program. You will then examine Personally Identifiable Information (PII), and Protected Health Information (PHI). This leads into the subject of Payment Card Industry Data Security Standard (PCI DSS), and what it entails. You will learn how HIPAA protects medical information; how GDPR protects European Union citizen data, and how the Gramm-Leach-Bliley Act (GLBA), applies to financial institutions. You will also identify how FISMA strives to protect sensitive US Government information, and recognize both NIST and ISO security standards. To conclude the course, you will discover how the Sarbanes-Oxley Act (SOX), requires organizational financial transparency.

12 videos | 38m Assessment Badge

Risk Analysis: Security Risk Management

In this 14-video course, learners can explore security risk management concepts and discover how to assess, categorize, monitor, and respond to organizational risks. Examine key terms such as threats, vulnerabilities, impacts, and risks, and the steps involved in the National Institute of Standard and Technology (NIST), risk management framework (RMF). Begin by learning how risk relates to information systems, and look at the concepts of managing risks, differentiating between threats, vulnerabilities, impacts, and risks. Examine the first step of the NIST RMF, categorizing risk, and then the second RMF step, selecting security controls. Next, observe the third step, implementing security controls; the fourth step, assessing security control effectiveness; the fifth step, examining risk, and output of security controls assessment to determine whether or not the risk is acceptable; and the last step, monitoring controls. Recognize benefits of a control-focused risk management approach; the benefits of an event-focused risk management approach; and risk communication. Finally, explore risk response and remediation, and differentiating between different risk responses such as accepting, avoiding, mitigating, sharing, or transferring risk.

14 videos | 38m Assessment Badge

Policy & Governance: Incident Response

Learners can explore the creation, adoption, and use of an IRP (Incident Response Plan) in this 14-video course, which examines the purpose and objectives of an IPR, and how it incorporates the objectives of an organization. You will learn how to draft an IRP, and examine the six stages of incident response: preparation, identification, containment, eradication, recovery, and lessons learned. Next, you will examine several tools that are available for incident response strategies, including Sleuth Kit, Metasploit, Websense, and FireEye Security Orchestrator. You will explore the different types of CSIRTs (Computer Security Incident Response Teams), team roles, their purpose, and the benefits of an outsourced team. This course demonstrates an incident team response with two hypothetical scenarios. You will learn about compliance and regulatory requirements, and will examine the international standard, ISO 27001. You will examine governance policy to direct and control IT security. Finally, you will learn to use governance polices to create incident response policies, and you will learn the elements and best practices for creating a plan.

14 videos | 1h 9m Assessment Badge

FREE ACCESS

SSCP 2021: Basic Security Concepts

Most candidates for the (ISC)² Systems Security Certified Practitioner (SSCP) exam will have the required one year of paid job experience. So the basic security concepts are most likely a review for most learners. However, simply defining the technology is not enough. Candidates must be able to grasp how the following principles are implemented: (ISC)² Code of Ethics, confidentiality, integrity, availability, accountability, privacy, non-repudiation, least privilege, and segregation of duties (SoD). Take this course to explore how you would apply these principles to your own daily security operations. Upon completion, you'll have a solid knowledge of the topics covered in Domain 1: Security Operations and Administration of the (ISC)² SSCP 2021 CBK, preparing you to take the exam.

11 videos | 28m Assessment Badge

SSCP 2021: Security Controls

When an organization decides to mitigate risk as part of a handling strategy, they will, in essence, raise the difficulty or resistance to threat actors using various security controls. If your role involves upholding the operational security of your organization's most coveted assets, you must be familiar with the many types of controls available. Use this course to become familiar with security control categories and the controls that fall within them. Among others, explore administrative controls, like security policies and procedures; technical controls, like device hardening and application firewalls; and physical controls, like surveillance equipment and security personnel. When you're done, you'll be able to decide the security controls you should implement in your organization. This course covers topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

10 videos | 21m Assessment Badge

SSCP 2021: Asset & Change Management Lifecycles

As a security practitioner, assessing risk and applying controls is a fundamental part of the job description. However, doing so becomes pretty challenging if you don't know the value and priority of all physical and logical assets. Solid comprehension of the well-established lifecycles and architectures involved in both asset and change management will help you implement all your security initiatives smartly. In this course, examine the processes and best practices involved in each of the asset and change management lifecycle phases. When you've finished, you'll know the best way to implement each of these phases within the context of your own business. This course explores topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

10 videos | 42m Assessment Badge

SSCP 2021: Physical Security Operations

Although on the surface, choosing physical controls may seem common sense and subjective, there are likely options and considerations you're unaware of. Furthermore, SSCP exam candidates must have a broad knowledge of these controls to pass the exam. Use this course to explore, in detail, the many categories and types of physical security controls, including barriers, such as gate types; surveillance, such as camera types; types of locks and sensors; secure areas, such as Faraday cages; and environmental controls, such as air gaps. Upon course completion, you'll be able to customize your physical security methods to suit your organization. This course covers subtopic 1.8 from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

10 videos | 30m Assessment Badge

SSCP 2021: Risk Management

If a threat agent exploits an IT asset's vulnerability, then the consequences for a business could be detrimental. In IT security terms, the likelihood of this happening and the potential impact if it did constitutes the concept of risk. Those responsible for the operational security of assets need to know how to reduce risk sufficiently. Use this course to learn the many ways to identify, assess, and manage risk related to IT infrastructure. Explore, in detail, various risk management techniques, such as risk visibility and reporting, threat modeling, and risk treatment. Examine legal and regulatory concerns when managing risk. And see how to implement organizational security awareness and training. Upon completion, you'll know how to bring risk magnitude down to a pre-defined acceptable level. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

9 videos | 46m Assessment Badge

SSCP 2021: Network Attacks & Countermeasures

A critical aspect of risk and security management is having a clear picture of the present threatscape. This involves knowledge of threats actors, exploits, vulnerabilities, and malware along with countermeasures that include various technical, physical, and managerial controls. Take this course to learn to recognize several types of network attacks. Examine various methods for managing network security, from network device placement to configuring access control lists and using firewalls and proxies. Furthermore, learn how to secure network-based security devices as well as routers and switches. Then, delve into content delivery networking, cloud-based load balancers, and intrusion detection and prevention. Upon course completion, you'll know what's involved in both network attacks and countermeasures. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

10 videos | 1h 5m Assessment Badge

SSCP 2021: Secure Wireless Communication

Network and communications security is part of the SSCP Domain 6 objectives and includes the important topic of securing wireless communication. Use this course to learn about the key features of wireless networking technologies and the security vulnerabilities you need to consider. Examine key aspects about the operation of wireless technologies on the network including common wireless 802.11 standards and their distinguishing characteristics, and explore cellular, Wi-Fi, Bluetooth, and Near-Field Communication (NFC). Learn about the role of authentication and encryption protocols like WPA, WPA2, WPA3, and Extensible Authentication Protocol (EAP) as used on the network. Finally, learn how to secure various Internet of Things (IoT) devices including embedded devices and software-on-a-chip technology. Upon course completion, you'll know what's involved in securing wireless communication and devices. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

7 videos | 35m Assessment Badge

FREE ACCESS

SSCP 2021: Basic Security Concepts

Most candidates for the (ISC)² Systems Security Certified Practitioner (SSCP) exam will have the required one year of paid job experience. So the basic security concepts are most likely a review for most learners. However, simply defining the technology is not enough. Candidates must be able to grasp how the following principles are implemented: (ISC)² Code of Ethics, confidentiality, integrity, availability, accountability, privacy, non-repudiation, least privilege, and segregation of duties (SoD). Take this course to explore how you would apply these principles to your own daily security operations. Upon completion, you'll have a solid knowledge of the topics covered in Domain 1: Security Operations and Administration of the (ISC)² SSCP 2021 CBK, preparing you to take the exam.

11 videos | 28m Assessment Badge

SSCP 2021: Security Controls

When an organization decides to mitigate risk as part of a handling strategy, they will, in essence, raise the difficulty or resistance to threat actors using various security controls. If your role involves upholding the operational security of your organization's most coveted assets, you must be familiar with the many types of controls available. Use this course to become familiar with security control categories and the controls that fall within them. Among others, explore administrative controls, like security policies and procedures; technical controls, like device hardening and application firewalls; and physical controls, like surveillance equipment and security personnel. When you're done, you'll be able to decide the security controls you should implement in your organization. This course covers topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

10 videos | 21m Assessment Badge

SSCP 2021: Asset & Change Management Lifecycles

As a security practitioner, assessing risk and applying controls is a fundamental part of the job description. However, doing so becomes pretty challenging if you don't know the value and priority of all physical and logical assets. Solid comprehension of the well-established lifecycles and architectures involved in both asset and change management will help you implement all your security initiatives smartly. In this course, examine the processes and best practices involved in each of the asset and change management lifecycle phases. When you've finished, you'll know the best way to implement each of these phases within the context of your own business. This course explores topics from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

10 videos | 42m Assessment Badge

SSCP 2021: Physical Security Operations

Although on the surface, choosing physical controls may seem common sense and subjective, there are likely options and considerations you're unaware of. Furthermore, SSCP exam candidates must have a broad knowledge of these controls to pass the exam. Use this course to explore, in detail, the many categories and types of physical security controls, including barriers, such as gate types; surveillance, such as camera types; types of locks and sensors; secure areas, such as Faraday cages; and environmental controls, such as air gaps. Upon course completion, you'll be able to customize your physical security methods to suit your organization. This course covers subtopic 1.8 from Domain 1: Security Operations and Administration of the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 CBK.

10 videos | 30m Assessment Badge

SSCP 2021: Understanding & Applying Cryptography

Although cryptography isn't covered until domain 5 of the SSCP CBK, potential exam candidates and security professionals will benefit from foundational knowledge of cryptosystems early in their training. Use this course to grasp the reasons and requirements for cryptography in safe-guarding information, including regulations and governance. Investigate cryptographic techniques, such as hashing and salting, symmetric and asymmetric encryption, and elliptic curve cryptography. Discover what's involves in digital signatures and certificates. Explore cryptographic attacks, cryptanalysis, and countermeasures. And delve into advanced cryptosystems, such as quantum computing and blockchain. Upon course completion, you'll be aware of the various traditional and modern cryptology techniques used to protect data and communications. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

10 videos | 41m Assessment Badge

SSCP 2021: Secure Protocols & Public Key Infrastructure (PKI)

Early on in the development of TCP/IP and the application layer protocols and services, it was decided not no build native security but rather to add new secure mechanisms and protocols. The aim was to maintain internetworking and interoperability without adding too much overhead. Knowing how these protocols work and how you can implement them will change how you protect your organization's information. Use this course to get abreast of some of the most vital secure protocols and their implementation along with other core services, such as key management, web of trust (WOT), and Public Key Infrastructure (PKI). Upon course completion, you'll be able to detail how and why these protocols and services are used. This course will help you in the lead-up to taking the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

8 videos | 38m Assessment Badge

SSCP 2021: Authentication & Trust Architectures

As a security professional, you'll likely have been exposed to the concept of origin authentication. However, in today's modern environment of mobile devices, the Internet of Things, and embedded systems, more robust authentication, authorization, and identity management methods are imperative. Use this course to comprehend how single and multi-factor authentication, single sign-on (SSO), device authentication, and federated access work. Examine the use of trust relationships between domains and what's meant by Zero Trust. And distinguish between various internetwork connections such as the Internet, intranets, and extranets. Upon course completion, you'll be able to detail how and why these authentication mechanisms and trust architectures are used. You'll also be one step closer to being prepared to take the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

7 videos | 33m Assessment Badge

SSCP 2021: Identity Management & Access Control Models

Whether you manage one or thousands of digital identities, the expectation for regulatory compliance, top-level security, and speedy access control will be the same. The importance of access control is reinforced by Domain 2 of the SSCP exam, representing 15% of the overall subject matter. Among other topics, this domain covers the identity management lifecycle and access control models. Use this course to gain a clear comprehension of the various aspects of identity management, namely authorization, proofing, provisioning, de-provisioning, maintenance, and entitlement. Furthermore, explore several types of access control models, including role-based and rule-based, and investigate the Bell-LaPadula and Biba mandatory access confidentiality and integrity models. Upon course completion, you'll recognize the identity management and access control techniques needed in your organization. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

10 videos | 40m Assessment Badge

SSCP 2021: Risk Management

If a threat agent exploits an IT asset's vulnerability, then the consequences for a business could be detrimental. In IT security terms, the likelihood of this happening and the potential impact if it did constitutes the concept of risk. Those responsible for the operational security of assets need to know how to reduce risk sufficiently. Use this course to learn the many ways to identify, assess, and manage risk related to IT infrastructure. Explore, in detail, various risk management techniques, such as risk visibility and reporting, threat modeling, and risk treatment. Examine legal and regulatory concerns when managing risk. And see how to implement organizational security awareness and training. Upon completion, you'll know how to bring risk magnitude down to a pre-defined acceptable level. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

9 videos | 46m Assessment Badge

SSCP 2021: Security & Vulnerability Assessment

Once you've assessed an organization's risks, you need to implement continuous visibility and reporting to understand risk evolution. Furthermore, once you've established security policies and controls, you need to test and evaluate them to confirm their efficacy. To meet these goals, security practitioners need to know how to uncover vulnerabilities, identify events of interest, monitor logs, and analyze metrics. Use this course to learn security and vulnerability assessment techniques and methodologies. Explore security testing, risk review, and vulnerability management. Examine data logging and event aggregation. Learn how to implement monitoring and event data analysis. And see how to document and communicate findings. Upon completion, you'll be able to identify, monitor, and analyze security risks. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

8 videos | 30m Assessment Badge

SSCP 2021: Incident Response & Forensics

Unprecedented events such as the Y2K bug and terrorist attacks, along with increasing cybercrime pervasiveness and sophistication, have meant that since the early 2000s, a security team's ability to recover from a disaster has moved from a bonus to non-negotiable. There are several phases to incident response, from preparation to forensic investigations and beyond. A competent security professional needs to know all of them. Use this course to learn what's involved in the incident response lifecycle phases of preparation, detection, analysis, escalation, containment, eradication, recovery, and lessons learned. As you advance, explore essential aspects of cyber forensic investigations, such as handling evidence and reporting. Upon completion, you'll know the multiple facets of incident response and cyber forensics. You'll also be further prepared to sit the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

9 videos | 36m Assessment Badge

SSCP 2021: Business Continuity Planning

When dealing with security, preparation is key. A variety of disasters could happen to most organizations at any moment, and the impact that could have on data and systems could be detrimental. There are many measures and processes to help recover from a disaster. Use this course to learn a handful of them. Explore the main elements of business continuity planning (BCP), also called continuity of operations (COOP). See what's involved in business impact analysis and disaster recovery planning. And examine various backup and restore methods. Upon course completion, you'll know several strategies to ensure a business continues to function after a disaster. This course's objectives line up with those in Domain 4: Incident Response and Recovery of the SSCP CBK and will help you prepare for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

7 videos | 36m Assessment Badge

SSCP 2021: Fundamental Networking Concepts

Historically speaking, the vast majority of security practitioners, technicians, engineers, and architects come from the field of local and wide area networking. This factor, as well as the importance of protecting data-in-transit, makes networking a critical knowledge area. Use this course to get to grips with several networking concepts and methodologies. Learn to distinguish between the OSI and TCP/IP reference models. Explore network topologies, relationships, and media types. See what's meant by software-defined networking (SDN), Remote Authentication Dial-In User Service (RADIUS), and terminal access controller access-control system plus (TACACS+), among other terms. Examine commonly used ports and protocols. And look into remote access connectivity and virtual private networks (VPNs). Upon course completion, you'll be familiar with several fundamental networking concepts and network access control methodologies. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

9 videos | 50m Assessment Badge

SSCP 2021: Network Attacks & Countermeasures

A critical aspect of risk and security management is having a clear picture of the present threatscape. This involves knowledge of threats actors, exploits, vulnerabilities, and malware along with countermeasures that include various technical, physical, and managerial controls. Take this course to learn to recognize several types of network attacks. Examine various methods for managing network security, from network device placement to configuring access control lists and using firewalls and proxies. Furthermore, learn how to secure network-based security devices as well as routers and switches. Then, delve into content delivery networking, cloud-based load balancers, and intrusion detection and prevention. Upon course completion, you'll know what's involved in both network attacks and countermeasures. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

10 videos | 1h 5m Assessment Badge

SSCP 2021: Secure Wireless Communication

Network and communications security is part of the SSCP Domain 6 objectives and includes the important topic of securing wireless communication. Use this course to learn about the key features of wireless networking technologies and the security vulnerabilities you need to consider. Examine key aspects about the operation of wireless technologies on the network including common wireless 802.11 standards and their distinguishing characteristics, and explore cellular, Wi-Fi, Bluetooth, and Near-Field Communication (NFC). Learn about the role of authentication and encryption protocols like WPA, WPA2, WPA3, and Extensible Authentication Protocol (EAP) as used on the network. Finally, learn how to secure various Internet of Things (IoT) devices including embedded devices and software-on-a-chip technology. Upon course completion, you'll know what's involved in securing wireless communication and devices. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

7 videos | 35m Assessment Badge

SSCP 2021: Malware & Countermeasures

To secure systems and applications appropriately, security practitioners must first recognize the various types of malicious code and activity. After this, they need to execute the best measures to counter these exploits. Use this theory-based course to recognize multiple types of exploits and malware and their most common countermeasures. Explore malware variants, such as rootkits, spyware, scareware, and ransomware. Examine countermeasures involving scanners, antimalware, and code signing. Then, study malicious activities, such as insider threats, data theft, zero-day exploits, and advanced persistent threats (APTs). And discover their various countermeasures, such as system hardening, patching, and data loss prevention (DLP). Lastly, investigate advanced mitigation techniques that involve behavioral and data analytics, machine learning, and artificial intelligence. Upon completion, you'll be able to identify and analyze malicious code and activity. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

7 videos | 36m Assessment Badge

SSCP 2021: Endpoint Protection & Mobile Device Management

The first decade of the 21st century saw an explosion in the use of various mobile devices and cloud service providers in the enterprise. With this came a new challenge for security professionals from which several techniques and tools were developed. Get to grips with the many terms and activities related to endpoint protection and mobile device management in this vocational course. Explore what's involved in host-based intrusion prevention systems (HIPS) and host-based intrusion detection systems (HIDS). Examine endpoint encryption, protection, detection, and response. And study mobile provisioning and mobile device and application management. Upon course completion, you'll be familiar with the best techniques for protecting various devices and systems. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

8 videos | 33m Assessment Badge

SSCP 2021: Secure Virtual & Cloud Environments

The security landscape changes in tandem with the evolution of technology. As virtualization and cloud computing have emerged, so have associated security tools, techniques, and regulations. Ensure your security knowledge is up-to-date with this advanced exam preparatory course. Learn about hypervisors, virtual appliances, and containers. Examine continuity and resilience, attacks and countermeasures, and legal and regulatory concerns. Explore what's involved in shared and data storage, deployment and service models, processing, and transmission. Delve into third-party/outsourcing requirements, data portability, data destruction, and auditing. And finally, investigate the cloud computing shared responsibility model. When you're done, you'll know how to secure technologies related to virtualization and cloud computing. You'll also be further prepared for the (ISC)² Systems Security Certified Practitioner (SSCP) 2021 exam.

8 videos | 41m Assessment Badge

FREE ACCESS

Certified Information Systems Auditor (CISA) 2019: Information System Auditing

Discover keys to conducting a successful audit, its driving processes, and its underlying IT solutions in this 15-video course. Examine controls and audit reporting while preparing for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered here include: how information systems (IS) auditing shows whether IT solutions meet business objectives efficiently and effectively; the expectations of conduct for CISA-certified individuals; and how auditing standards provide guidance for conducting efficient audits. Learn about various types of documentation when preparing an IS audit; how to identify client needs that map to business objectives; and different categories of security controls, including internal business process controls, IT controls, and sampling types. You will learn about control objectives required to secure organizational assets along with the controls themselves; planning for audit funding, personnel, and related items; scheduling audit phases; and how to report serious discoveries, including fraud or serious IT vulnerabilities. Finally, see how to generate audit reports, including existing controls which have passed or failed communication with stakeholders after audit recommendations are reported; and how IS auditing identifies weak security controls.

15 videos | 56m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: IT Management Frameworks

Explore how IT management frameworks provide a structured approach to managing and auditing IT assets and how risk assessments often drive the IS audit in this 11-video course, helping learners prepare for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered in this 11-video course include: how IT governance provides a structured approach to ensuring IT solutions are aligned with business goals, including outsourced tasks; how Control Objectives for Information and Related Technologies (COBIT) can ensure business objectives are met by aligning appropriate IT processes; and how Information Technology Infrastructure Library (ITIL) practices can streamline IT service delivery. Learn how International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards can result in proper IT governance; how risk management can improve business operations; how to map various risk treatments to threats; and how the Business Model for Information Security (BMIS) encompasses information security planning, implementation, and management. Finally, learn how the Information Technology Assurance Framework (ITAF) is an assurance that an audit is done properly; the purpose of IT balanced scorecards; and how to map common framework characteristics to IS audits.

11 videos | 37m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Data Privacy & Risk

In this 14-video course, discover how identifying IT asset risks and applying appropriate data privacy standards helps keep sensitive data from unauthorized entities, while preparing for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered course include: how the CIA triad (confidentiality, integrity, and availability) enhances IT security; understanding examples of personally identifiable information (PII) and protected health information (PHI); how General Data Protection Regulation (GDPR) assures data privacy; and how to align data protection policies with GDPR. Then learn how Payment Card Industry Data Security Standard (PCI DSS) protects cardholder information; how to identify network devices with insufficient antimalware protection with the free Spiceworks tool; and how Hypertext Transfer Protocol Secure Health Insurance Portability and Accountability Act (HIPAA) protects sensitive medical information. Next, learn how Federal Risk and Authorization Management Program (FedRAMP) standards secure US Government information systems; how to determine the annualized loss expectancy (ALE) value with an online ALE calculator; and how to scan a network by using Network Mapper (Nmap) to determine which devices are present. Finally, map IT solutions to data privacy requirements.

14 videos | 46m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Virtualization & Cloud

Explore how virtualization provides efficient hardware usage and security boundaries and how cloud computing tracks pooled IT resource usage and charges fees accordingly, as you prepare for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts in this 14-video course include: when to use various virtualization technologies; how to distinguish differences between Type 1 and Type 2 hypervisors; how to install Microsoft Hyper-V hypervisor; and how to configure a Hyper-V virtual network switch. Learn how to create a virtual machine (VM) hosted on Hyper-V; how to secure virtualized environments through dedicated management interfaces, patching, and changing default configurations; and to understand the National Institute of Standards and Technology (NIST) standard characteristics of cloud computing. Next, learn about map cloud service offerings to business needs; cloud-based security solutions such as the Azure Security Center, distributed denial-of-service (DDoS) mitigation, and Azure network security groups; and how to deploy a Windows VM and a Linux VM in the Azure cloud. Finally, learn to identify cloud services that require endpoint security and to map security solutions to use of virtualization and cloud computing.

14 videos | 1h 8m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Data Storage & Malware

Explore the variety of methods through which stored data can be secured and made highly available, despite realization of malware threats, as you prepare for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered in this 16-video course include: distinguishing between data and information how they are secured; how to define the relationship between big data and the value of data analytics; and listing methods of securing a storage area network (SAN). Next, learn to enable password authentication for Internet Small Computer Systems Interface (iSCSI) target access; to recognize common security options available with cloud storage; and to ensure that decommissioned storage media do not contain retrievable data artifacts. You will learn how to deploy Structured Query Language (SQL) Database in the Azure cloud; how to implement a database replication strategy; how to protect data with the Windows backup feature; and how to protect data by backing it up to the cloud. Finally, learn how to identify the various forms of social engineering and the related security risks, and how to implement controls that provide data availability.

16 videos | 1h 5m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Testing & Vulnerability

This course covers material necessary to take the ISACA CISA (Certified Information Systems Auditor) exam, and explores auditor responsibilities such as identifying network and host weaknesses, reporting them to stakeholders, and suggesting recommendations to improve an organization's security. Learn to distinguish between white, black, and gray box testing, and then explore the benefits of periodic scans for identifying vulnerabilities. Learn how to use pen tests, and evaluate environmental and physical security controls. Next, learn how to use Nessus, a free remote security scanning tool. This course demonstrates how to forge TCP (transmission control protocol) network traffic by using the hping3 tool in Kali Linux. This course demonstrates the OWASP (open-source web application security scanner) ZAP (zed attack proxy) tool to identify web app vulnerabilities. You will learn how to secure traffic by using IPSec (internet security protocol), configure a cloud-based jump box, and about honey pots. Next, learn to secure assets with physical controls and the eavesdropping risk of drones. Finally, learners will be able to identify different types of fire suppression systems.

16 videos | 1h 4m Assessment Badge

FREE ACCESS

Certified Information Systems Auditor (CISA) 2019: Information System Auditing

Discover keys to conducting a successful audit, its driving processes, and its underlying IT solutions in this 15-video course. Examine controls and audit reporting while preparing for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered here include: how information systems (IS) auditing shows whether IT solutions meet business objectives efficiently and effectively; the expectations of conduct for CISA-certified individuals; and how auditing standards provide guidance for conducting efficient audits. Learn about various types of documentation when preparing an IS audit; how to identify client needs that map to business objectives; and different categories of security controls, including internal business process controls, IT controls, and sampling types. You will learn about control objectives required to secure organizational assets along with the controls themselves; planning for audit funding, personnel, and related items; scheduling audit phases; and how to report serious discoveries, including fraud or serious IT vulnerabilities. Finally, see how to generate audit reports, including existing controls which have passed or failed communication with stakeholders after audit recommendations are reported; and how IS auditing identifies weak security controls.

15 videos | 56m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: IT Management Frameworks

Explore how IT management frameworks provide a structured approach to managing and auditing IT assets and how risk assessments often drive the IS audit in this 11-video course, helping learners prepare for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered in this 11-video course include: how IT governance provides a structured approach to ensuring IT solutions are aligned with business goals, including outsourced tasks; how Control Objectives for Information and Related Technologies (COBIT) can ensure business objectives are met by aligning appropriate IT processes; and how Information Technology Infrastructure Library (ITIL) practices can streamline IT service delivery. Learn how International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) standards can result in proper IT governance; how risk management can improve business operations; how to map various risk treatments to threats; and how the Business Model for Information Security (BMIS) encompasses information security planning, implementation, and management. Finally, learn how the Information Technology Assurance Framework (ITAF) is an assurance that an audit is done properly; the purpose of IT balanced scorecards; and how to map common framework characteristics to IS audits.

11 videos | 37m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Data Privacy & Risk

In this 14-video course, discover how identifying IT asset risks and applying appropriate data privacy standards helps keep sensitive data from unauthorized entities, while preparing for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered course include: how the CIA triad (confidentiality, integrity, and availability) enhances IT security; understanding examples of personally identifiable information (PII) and protected health information (PHI); how General Data Protection Regulation (GDPR) assures data privacy; and how to align data protection policies with GDPR. Then learn how Payment Card Industry Data Security Standard (PCI DSS) protects cardholder information; how to identify network devices with insufficient antimalware protection with the free Spiceworks tool; and how Hypertext Transfer Protocol Secure Health Insurance Portability and Accountability Act (HIPAA) protects sensitive medical information. Next, learn how Federal Risk and Authorization Management Program (FedRAMP) standards secure US Government information systems; how to determine the annualized loss expectancy (ALE) value with an online ALE calculator; and how to scan a network by using Network Mapper (Nmap) to determine which devices are present. Finally, map IT solutions to data privacy requirements.

14 videos | 46m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: IAM & Data Classification

Explore how multifactor authentication (MFA) and role-based access control lessen risks of system compromise and privilege abuse, and how data classification uses tags to organize data, while preparing for the ISACA Certified Information Systems Auditor (CISA) exam in this 16-video course. Key concepts covered include: authentication categories and how authorization follows; how to create Active Directory (AD) users and groups on-premises; and how to create Azure AD users and groups. Learn how MFA enhances security; how to enable MFA for Azure AD users; how to assign built-in Azure roles to AD groups; and how to assign built-in Amazon Web Services (AWS) policies. Next, study the role of identity federation across organizations, including single sign-on (SSO), and learn how resource tagging aids in tracking and granting permissions. Learn to configure shared folder and New Technology File System (NTFS) Windows file system permission, as well as standard Linux file system permissions. Finally, learn to classify Windows Server files with metadata; to use resource and AD attributes to conditionally grant file system permissions; and to create and manage authentication accounts and data tags.

16 videos | 1h 12m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Performance & Management

Efficient delivery of IT systems includes cost reduction and optimized system performance. In this 15-video course, discover how a structured approach for implementing changes and patches can reduce security incidents and downtime, in preparation for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered here include: how performance is related to service level agreements (SLAs), and differences between SLAs and operational level agreements; how to establish a baseline of normal performance and monitor performance metrics in Windows and Linux environments; and how to monitor performance metrics in a cloud computing environment. Next, learn how to configure cloud-based alerting; about enterprise change and configuration management procedures and terms such as content management system (CMS), configuration management database (CMDB), and configuration item (CI); and enterprise vulnerability management procedures. Learn how to configure which administrators can manage Group Policy Objects (GPOs); how to configure application deployment centrally with System Center Configuration Manager (SCCM); configure Windows patch deployment centrally with SCCM; how to configure Ubuntu Linux to check for updates; and how to tweak IT system performance and implement controlled changes centrally.

15 videos | 1h 7m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: PKI & Data Protection

Explore how public key infrastructure (PKI) provides a hierarchy of digital security certificates used to secure data and authenticate users and devices and how data are protected with encryption and file integrity verification, as you prepare for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered in this 16-video course include: how cryptography protects data; distinguishing between asymmetric and symmetric encryption; steps in the PKI certificate lifecycle; and how to deploy a private Microsoft CA (certificate authority). Next, learn about configuring customized PKI certificate templates; how Transport Layer Security (TLS) and Internet Protocol Security (IPsec) secure network communications; disabling SSLv3 (secure sockets layer) on clients and servers; and configuring an Internet Information Services (IIS) website with a PKI certificate. Then learn about client PKI certificates for website access; how to protect data at rest with Windows Encrypting File System (EFS); and how to protect data at rest with Windows BitLocker. Finally, learn to use SHA-256 (secure hash algorithm) hashing to verify file integrity; and work with PKI certificates to secure data in transit and at rest.

16 videos | 1h 1m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Virtualization & Cloud

Explore how virtualization provides efficient hardware usage and security boundaries and how cloud computing tracks pooled IT resource usage and charges fees accordingly, as you prepare for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts in this 14-video course include: when to use various virtualization technologies; how to distinguish differences between Type 1 and Type 2 hypervisors; how to install Microsoft Hyper-V hypervisor; and how to configure a Hyper-V virtual network switch. Learn how to create a virtual machine (VM) hosted on Hyper-V; how to secure virtualized environments through dedicated management interfaces, patching, and changing default configurations; and to understand the National Institute of Standards and Technology (NIST) standard characteristics of cloud computing. Next, learn about map cloud service offerings to business needs; cloud-based security solutions such as the Azure Security Center, distributed denial-of-service (DDoS) mitigation, and Azure network security groups; and how to deploy a Windows VM and a Linux VM in the Azure cloud. Finally, learn to identify cloud services that require endpoint security and to map security solutions to use of virtualization and cloud computing.

14 videos | 1h 8m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Digital Asset Protection

Security technicians must determine which security controls most effectively protect assets at a reasonable cost. Explore IT maturity models, and endpoint, Internet of Things (IoT), and mobile device security in this 15-video course. Key concepts covered here include: how IT maturity models provide assessments as to whether technology effectively meets business needs; how to map security hardware and software to the Open Systems Interconnection model (OSI model); and how to enable requirements for complex passwords and user account intruder detection. Next, learn to configure endpoint antimalware policy settings centrally with System Center Configuration Manager (SCCM); how to determine when data loss prevention (DLP) solutions are needed for data privacy; and why IoT devices are generally considered unsecure. Learn to use the shodan.io site to locate vulnerable IoT devices; use techniques such as network isolation and changing default settings to harden IoT and mobile devices; and manually harden an Android smartphone. Finally, learn how to configure SCCM policies to ensure mobile device security compliance and compare OSI Layer 3 and Layer 7 security solutions. This course helps learners prepare for the ISACA Certified Information Systems Auditor (CISA) certification exam.

15 videos | 1h 5m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Data Storage & Malware

Explore the variety of methods through which stored data can be secured and made highly available, despite realization of malware threats, as you prepare for the ISACA Certified Information Systems Auditor (CISA) exam. Key concepts covered in this 16-video course include: distinguishing between data and information how they are secured; how to define the relationship between big data and the value of data analytics; and listing methods of securing a storage area network (SAN). Next, learn to enable password authentication for Internet Small Computer Systems Interface (iSCSI) target access; to recognize common security options available with cloud storage; and to ensure that decommissioned storage media do not contain retrievable data artifacts. You will learn how to deploy Structured Query Language (SQL) Database in the Azure cloud; how to implement a database replication strategy; how to protect data with the Windows backup feature; and how to protect data by backing it up to the cloud. Finally, learn how to identify the various forms of social engineering and the related security risks, and how to implement controls that provide data availability.

16 videos | 1h 5m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: BCP & Network Security

This course addresses why and how organizations must have a Disaster Recovery Plan (DRP), for resiliency in the face of malicious attacks, as well as natural and man-made disasters. The DRP is part of the overall Business Continuity Plan (BCP), which ensures the ongoing functionality of business processes. In this course, you will learn a variety of disaster planning strategies, as well as network security configurations order when planning for business disruptions. Learners will explore the auditing process, and what IS auditors need to consider as the audit objective and the audit scope, and which may include reviewing business continuity plans within the organization. This course identifies common redundant array of independent disks (RAID)-level characteristics, and you will learn how to configure RAID 5 in Windows Server 2016. You will learn how to configure Microsoft Azure cloud computing and SQL database georedundancy. Finally, the course explores numerous network security topics, such as wired and wireless network security and network threat mitigation through configuration of firewalls. This course helps learners prepare for the ISACA Certified Information Systems Auditor (CISA) certification exam.

16 videos | 1h 8m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: System Design & Analysis

This course covers material necessary to take the ISACA CISA (Certified Information Systems Auditor) exam, and you will explore systems planning, testing, integration, and delivery to ensure timely delivery of system changes or entire new solutions for security planning. First, you will explore IT system planning, including the system development life cycle, and learn how technicians can evaluate IT solutions to align with business needs. You will examine how IT solutions will require a feasibility analysis to determine whether those solutions can be used or if a new IT solution must be built. You will see that testing and continuous delivery ensures and maintain the stability and security of the solution. This course covers QA (quality assurance) and why QA needs to be adapted for different organizations, based on compliance with laws and regulations relevant to their business. Finally, this course examines IT solution deployment, including continuous integration and delivery, infrastructure deployment, system migration and data conversion, and how to perform a cloud migration assessment.

16 videos | 58m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Testing & Vulnerability

This course covers material necessary to take the ISACA CISA (Certified Information Systems Auditor) exam, and explores auditor responsibilities such as identifying network and host weaknesses, reporting them to stakeholders, and suggesting recommendations to improve an organization's security. Learn to distinguish between white, black, and gray box testing, and then explore the benefits of periodic scans for identifying vulnerabilities. Learn how to use pen tests, and evaluate environmental and physical security controls. Next, learn how to use Nessus, a free remote security scanning tool. This course demonstrates how to forge TCP (transmission control protocol) network traffic by using the hping3 tool in Kali Linux. This course demonstrates the OWASP (open-source web application security scanner) ZAP (zed attack proxy) tool to identify web app vulnerabilities. You will learn how to secure traffic by using IPSec (internet security protocol), configure a cloud-based jump box, and about honey pots. Next, learn to secure assets with physical controls and the eavesdropping risk of drones. Finally, learners will be able to identify different types of fire suppression systems.

16 videos | 1h 4m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Digital Evidence Gathering

This course covers material necessary to take the ISACA CISA (Certified Information Systems Auditor) exam, a professional certification that allows information system (IS) auditors to properly follow the IS audit process in risk management. You will learn how to identify assets and threats, hardening IT computing environments, performing IT forensics, and auditing tasks. This course explores the importance of gathering, handling, and storing digital evidence to ensure its admissible in a court of law. Because chain-of-custody laws vary around the world, it is important to know how the evidence was gathered, where it was stored, and who had access to the evidence. Learners will explore digital forensics, chain of custody, order of volatility, and hard disk imaging. You will see a list of common digital forensic hardware and software, and IT component collection as evidence. Finally, this course demonstrates how to use tools in Kali Linux, such as the autopsy forensic browser tool to view user data, and how to retrieve data from an image.

10 videos | 34m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Continuous Monitoring

This course explores the importance of continuously monitoring business processes, and the applicable supporting IT solutions. You will learn how information system (IS) auditing can identify and assist in continuous process improvement. In this course, learners will acquire knowledge of the skills necessary to audit monitoring solutions and business processes. You will explore how to establish baselines to easily detect anomalies. Then learn how to set a baseline for specific systems, like a web server, its normal performance, and the server's normal pattern of network. This course will list various sampling types, such as attribute, variables, and statistical and discovery sampling, which play a role in the audit process. You will learn how to filter logs and enable centralized log collection. Next, explore how to work with optimal settings for packet capturing placement, and for intrusion detection and intrusion prevention systems. This course covers new malware variance, new hardware and software vulnerabilities, as well as other events that impact processes or IT infrastructure, such as the flooding of a data center. This course helps learners prepare for the ISACA Certified Information Systems Auditor (CISA) certification exam.

11 videos | 47m Assessment Badge

Certified Information Systems Auditor (CISA) 2019: Scenario-Based Practice

This course explores how to apply the information systems (IS) audit process to ensure adequate risk mitigation for audit planning, security control selection, travelling user vulnerability mitigation, Wi-Fi hardening, and proper PKI (public key infrastructure) key implementation. Learn the importance of having a ISACA CISA (Certified Information Systems Auditor) certification, which indicates you are a professional with the skills necessary as an IT security analyst in performing an IS audit. An IS auditor must have knowledge of the type of business being audited, and need to be able to identify the security posture of an organization within a given specific scenario that falls within the audit scope. When auditing a business, you first look at the type of business, its use of technology, and related security. This course uses real-world business scenarios that include, for example, a marketing company and a financial institution. These scenarios cover how to identify audit planning errors, security control cost effectiveness, determining Wi-Fi weaknesses, determining how keys should be used, and compensating control selection.

8 videos | 21m Assessment Badge

FREE ACCESS

IT Skills & Salary Report

ESG Impact Report

Cyber Specialist to CISA

Cyber Architecture

Cyber Architecture On Demand

Cyber GRC

Cyber GRC On Demand

SSCP Certification

SSCP Certification On Demand

CISA Certification

CISA Certification On Demand

COURSES INCLUDED

COURSES INCLUDED

COURSES INCLUDED

COURSES INCLUDED

COURSES INCLUDED

COURSES INCLUDED

COURSES INCLUDED

COURSES INCLUDED

EARN A DIGITAL BADGE WHEN YOU COMPLETE THESE TRACKS

YOU MIGHT ALSO LIKE